Mobile Device Management in Office 365

Managing mobile devices and securing your endpoints is an important task, there are many MDM solutions out there, including Microsoft’s own InTune. But what if you’re a small company? Well if you’re using Office 365 then you can take advantage of the Mobile Device Management for Office 365 feature to provide basic MDM features such as ensuring devices connecting aren’t Jailbroken, have a device password set and allow remote wipe.

In this post I’ll walk through the administrative steps required to get the tenant ready for MDM and how to apply it to users

So, we browse to the Mobile Management section within the Office 365 portal and we are greeted with:

mdm1

After clicking Let’s get started and once the Microsoft automation tasks have completed and MDM is ready we are greeted with:

mdm2

First thing is to complete the settings and remove the error

To configure the tenant domain(s) you need to add two new cname records as per http://go.microsoft.com/fwlink/p/?linkId=525583

mdm3

mdm4

Now, if you’re not going to have Apple devices then you can, as it says skip that configuration.

After clicking on Set up, we have to download the CSR from our account

mdm5

Next we have to browse to the Apple Portal

mdm6

Sign in with an Apple Account (ensuring it’s an account that isn’t tied to a specific user so can continue to be used as the certificates will need renewing)

mdm7

Click on Create a Certificate

mdm8

Accept the Terms of Use to continue

mdm9

Use the Choose File button to browse and select the CSR file generated earlier.

mdm10

Once processed use the download button to download the PEM response file

 mdm11

You can close out the Apple website and upload the PEM file.

mdm12

Now we have a nice green tick to say we’re set up

mdm13

Now we need to create polices that can be applied to users, the first step of which is to ensure we have a group in Office 365 that we can apply the policy to

mdm14

After ensuring our groups are created we can create our Device Management policies.

mdm15

We give the policy a name

mdm16

Now you can choose the policy options

mdm17

Then some additional options

mdm18

Next, we have the option to just save the policy, but doing so will not apply it or we can apply the policy straight away

mdm19

Now we can browse to the group(s) we created earlier and add them

mdm20

Once the group(s) are added we can continue

mdm21

We are given a summary of the policy

mdm22

Back in the portal we can see that the policy has been created and that it is being turned on

mdm23

After a little while we can see that its status has been set to on

mdm24

Now it is just a case of assigning users to the group and they will get the policy assigned. I hope to cover the client experience in another post

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s